來自KeyVaultKeyResolver的Azure rsaKey始終爲空

Question

我通過我的MVC/Durandal網絡應用程序將身份證明文件保存到Azure blob存儲。我正在關注this示例，以使用Azure密鑰保管庫來加密Azure存儲中的Blob以存儲加密密鑰。

這裏是我的代碼：

 

    public async Task UploadIdentityDocumentForClient(string fileName, ParsedClientModel parsedClientModel) 
    { 
     BlobRequestOptions options = await GetBlobRequestOptions(); 
     await 
      _storageRepository.CreateEncryptedBlobFromByteArray(_storageManager, _containerName, fileName, parsedClientModel.IdentityDocumentFile, parsedClientModel.IdentityDocumentContentType, options); 
     return fileName; 
    } 


    private static async Task GetBlobRequestOptions() 
    { 
     string secretUri = WebConfigurationManager.AppSettings["SecretUri"]; 
     string secretName = WebConfigurationManager.AppSettings["SecretEncryptionName"]; 
    *1 KeyVaultKeyResolver keyVaultKeyResolver = new KeyVaultKeyResolver(GetAccessToken); 

    *2 IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult(); 
     BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsaKey, null); 
     BlobRequestOptions options = new BlobRequestOptions 
     { 
      EncryptionPolicy = policy 
     }; 
     return options; 
    } 


    public static async Task GetAccessToken(string authority, string resource, string scope) 
    { 
     string clientId = WebConfigurationManager.AppSettings["ClientId"]; 
     string clientSecret = WebConfigurationManager.AppSettings["ClientSecret"]; 
     ClientCredential clientCredential = new ClientCredential(clientId, clientSecret); 
     AuthenticationContext authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared); 
     AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource, clientCredential); 
     if (result == null) 
     { 
      throw new InvalidOperationException(
       "GetAccessToken - Failed to obtain the Active Directory token for application."); 
     } 
    *3 return result.AccessToken; 
    } 


    public async Task CreateEncryptedBlobFromByteArray(IStorageManager storageManager, string containerName, string fileName, 
     byte[] byteArray, string contentType, BlobRequestOptions options) 
    { 
     CloudBlobContainer container = await CreateStorageContainerIfNotExists(storageManager, containerName); 
     CloudBlockBlob blob = container.GetBlockBlobReference(fileName); 
     blob.Properties.ContentType = contentType; 
     await blob.UploadFromByteArrayAsync(byteArray, 0, byteArray.Length, AccessCondition.GenerateEmptyCondition(), options, new OperationContext()); 
    } 

這條線......

 

    IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult(); 

總是返回null。

我在上面的代碼中添加了斷點（* 1到* 3），並且注意到* 2總是在* 3之前被命中。這意味着KeyVaultKeyResolver（GetAccessToken）調用不會等待GetAccessToken調用返回值。

任何想法，我在做什麼錯？

Answer 1

我想出了我做錯了什麼。

凡斷點2我應該用這個代碼：

SymmetricKey sec = (SymmetricKey) cloudResolver 
      .ResolveKeyAsync("https://yourkeyvault.vault.azure.net/secrets/MiplanAdminLocalEncryption", 
       CancellationToken.None) 
      .GetAwaiter() 
      .GetResult(); 

我也有使用PowerShell中的祕密添加到我的Azure的關鍵庫。通過管理用戶界面創建密碼不起作用。下面是我使用的命令：

對不起，圖像，但是當作爲代碼樣品粘貼SO不會接受上述文本甚至。

請參閱this網站的原始示例。

我找到了一種方法通過在Azure門戶添加的祕密：

//If entering via Azure UI: 
    //Your secret string must be 16 characters (28 bits) long or end up being 28, 192, 256, 384, or 512 bits. 
    // Base64 encode using https://www.base64encode.org/ 
    //Take this encoded value and enter it as the secret value in the UI.